A. Windows will use a 60-day tombstone lifetime (TSL) if no value is set in the forest's configuration. The domain controller promotion wizards for different versions of Windows usually set other values when they create new forests. See the previous FAQ for those values.
You can check your forest's value by launching the ADSI edit tool (ADSIEDIT.msc) and browsing the Configuration partition for the AD forest. Navigate to CN=Directory Service, CN=Windows NT, CN=Services, CN=Configuration, DC=domain, DC=com. Right-click the CN=Directory Service object and select Properties. Look for the tombstoneLifetime value. As I said, if the value isn't set, 60 days is used. Otherwise, the value specified is used, such as 180 in the example shown here.
Click to expand.
- Q. Is there an easy way to clean up the metadata of deleted domain controllers (DCs)?
- Q. The Active Directory (AD) best practices recommend using a RAID 1 mirror set for the AD database and a separate RAID 1 mirror set for the AD logs. Is this really necessary and the best use of spindles?
- Q. I need to perform an AD database restore. Can I just stop the Active Directory service (NTDS) on my Windows Server 2008 or later domain controller (DC), perform the restore, then start the service again?
- Q. How can I export the schema of my Active Directory forest?
Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.